Topic: Bitcoin address re-usage can lead to theft of private keys (Read 348 times)

legendary
Activity: 3444
Merit: 10558
~but for privacy, a process using Wasabi wallet or another mixer is always a great choice
If you use Wasabi wallet, your privacy would be less than zero because they not only track all your transactions going in and out of the CoinJoin transaction but also report it directly to blockchain analysis companies, who in turn use it to deanonymize you.
copper member
Activity: 1988
Merit: 905
Part of AOBT - English Translator to Indonesia
Or maybe Ronin Network just messed up and gave away their private keys to the hackers; otherwise, if this was possible, don't you think so many addresses holding large amounts of Bitcoin would have been hacked by now?

Yes, I do agree with this. I do believe that what happened to Ronin Network was an insider job. And I know quantum computers are capable of doing a lot of things, but what you have said is true.


Reusing an address is fine for daily transactions with an account of not more than $1000, as long as you don't fall for a scammer and you hide away your private key, but for privacy, a process using Wasabi wallet or another mixer is always a great choice.
legendary
Activity: 4214
Merit: 4458
privacy is not preserved by avoiding address re-use.
it's preserved by being a person that does not talk about their life too much..

e.g. there are people that use a different address for all their signature campaigns. yet they are publicly listing their address in the ad-campaign category posts of the public forum, thus immediately attaching their forum username to all of their new addresses.. it becomes a pointless exercise in using different addresses

i personally have a vanity address and i use that simply for the "i don't care who sees" situations. i keep my actual hoard of coins in a separate wallet where the funds are never spent together in the same tx as my vanity address. so they are separate.

i dont list or mention the address of my separate hoard. and so i preserve the privacy of that hoard.
i do not mention my forum name when handling transactions of the hoard. thus keeping that separate too.

..
there is no point doing address-reuse avoidance if you are still going to be using all your funds from different addresses to deposit into the same KYC'd exchange account

avoiding address re-use should be
OK address 1abcdef is only for exchange A and exchange B,C deposits where they know my birth certified name
OK address 1zxywv is only for merchant F who does not ask for my name or forum avatar/pseudonym
OK address 1pqrstu is only for merchants i found through the forum who know my forum identity

and try to keep the funds separate so they don't sweep together

in short be smart about what address you use with which service. but especially about what life story you attach to that address
legendary
Activity: 2632
Merit: 1212
Livecasino, 20% cashback, no fuss payouts.
Privacy, I agree, and that is the main point of address reuse, and the only one. I have been using one same address for identification purposes (hence the loss of privacy), but if that made it more vulnerable to private key theft, why would it even be a feature?

I mean, hackers can just use the same attack on any address in a blockchain explorer. If the quantum computer argument is true, then it shouldn't matter if you use the address once or twice or more.

Only way is to keep changing entire wallets if that's the case.
legendary
Activity: 4214
Merit: 4458
the privacy risk of receiving funds from multiple sources to one address, or spending from one address to multiple people, is where each merchant/sender/receiver to or from that address, if you offer personal info, then associates that address with a name they have. and they can then pass that info on if you keep using that address and it becomes an interesting address to keep an eye on
Yeah, and considering how much companies usually keep of your data, I wouldn't doubt that exchanges are using this en masse. I imagine this sort of data will unfortunately become a gold sat mine in the near future. Hence why people should care about not willy-nilly giving their information to any company or person, for that matter, that asks for it.

for the sake of humour, i'm making one small adjustment

a few years ago the company behind bitnodes was doing offers of awarding people sats for handing over personal info. like linking their social media and stuff.
so yea it will be a 'sat mine' linking forum usernames to social media and then to known nodes and wallet addresses.

other services awarding sats for 'learn about bitcoin' are able to give away sats because they sell that info when you sign up, other things like 'refer a friend' too as it brings a bigger picture of who you are by revealing your social connections to others

chain analysis websites earn money selling their data so if they can fill that data with tagged addresses it adds a premium to their data

many exchanges want this info to be able to analyse it and learn more about their customer behaviours; it is worth a lot of value to them.
the more an exchange knows about a customer, the more they can spot suspicious people/behaviours and send SARs (suspicious activity reports) and avoid getting fined for accidentally missing out on suspects that should have been obvious if they had the info to make a good decision to report or not
copper member
Activity: 24
Merit: 0

 3. Quantum computers could extract private keys if these addresses are re used.
 

Quantum computers could calculate your private key with Shor's after 1 transaction because you are revealing your public key in a transaction.
They could even attack it while it's in the mempool and replace it with a higher fee. Bitcoin has to use quantum-resistant signatures in the future.
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4


Yes, there are some new kinds of attacks regarding the random nonce.
https://eprint.iacr.org/2020/615.pdf

Maybe you don't want to sign messages on edge devices with low entropy.
staff
Activity: 3248
Merit: 4110
3) A has nothing to do with B. If quantum computers ever get to the point of being able to do something like that (probably not in our lifetimes) the entire encryption of BTC would be broken.
To piggyback on this, it would also mean that multiple industries would be compromised since they rely on the same thing Bitcoin does. Meaning, a solution would've already been found, or Bitcoin being broken is the last of our worries. However, as suggested, we've got a ton of time to think about quantum-resistant measures, which probably won't happen for a long time. I'm not sure about our lifetime, but I imagine we'll be ahead of schedule on a solution, since there have already been some half-baked solutions proposed.

the privacy risk of receiving funds from multiple sources to one address, or spending from one address to multiple people, is where each merchant/sender/receiver to or from that address, if you offer personal info, then associates that address with a name they have. and they can then pass that info on if you keep using that address and it becomes an interesting address to keep an eye on
Yeah, and considering how much companies usually keep of your data, I wouldn't doubt that exchanges are using this en masse. I imagine this sort of data will unfortunately become a gold mine in the near future. Hence why people should care about not willy-nilly giving their information to any company or person, for that matter, that asks for it.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
2. It can leave one open to niche attacks and one becomes vulnerable to these cyber thieves who will extract private keys from signatures after a transaction has been made.
 3. Quantum computers could extract private keys if these addresses are re used.

The attacks only work if the same nonce is re-used over and over again by the wallet [most wallets plugged that vulnerability 8-10 years ago], or if there is some mathematical relationship between the two nonces, e.g. K' (the second nonce) being equal to K+1 or something else equivalently simple. So don't expect to find an equation out of a linear congruential (rand(3) family of RNGs) or Mersenne Twister RNG.

All secure wallets generate a random nonce for each transaction, mitigating this vulnerability.
newbie
Activity: 22
Merit: 0
Do not trust any unreliable source. Hackers can filter the private keys and access the wallet and then steal the bitcoins. Be careful and smart enough to identify any fault.
legendary
Activity: 3444
Merit: 10558
The fundamentals of asymmetric cryptography are based on the fact that you can and should reveal your public key and signature without any risk of your private keys being compromised, especially if ECDSA is used. If there were any risks then it would make the whole system obsolete, not just reused addresses.
The only serious issue with reused addresses is a privacy-related one.
Perhaps the author is referring to the problem described here: https://web.archive.org/web/20160308014317/http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html ?

As far as I understand, when the same address is reused, signatures are created with the same private key. This private key can be calculated if, and only if, the k-value (random integer) is either not-so-random (deterministic or weak entropy) or the said k-value is also reused. We are interested in the latter case because the former case doesn't require the reuse of addresses. So, if the wallet software in question is compromised, malicious, flawed, or outdated, or the user himself is trying to sign a transaction using a custom, poorly written ECDSA signature algorithm, it may result in a private key vulnerable to theft. If a wallet uses the same k-value each time it signs a transaction, an attacker can take advantage of this vulnerability and steal all the coins that still are on a reused address.
K values these days are generated deterministically, so the chances of them being weak are practically zero. If it is weak in a certain implementation, then there is a good chance that there is no need to reuse the address for the private key to be leaked, like the case with the blockchain.info vulnerability where they were producing the same k for everyone and you could steal the coins before they even confirmed.

In other words, implementation flaws mean the said software should be avoided altogether. Whether you reuse addresses or not doesn't change the fact that your funds are at risk.
legendary
Activity: 4214
Merit: 4458
i think people need to define "re-use"

receiving funds repeatedly from many people to your one address is no harm at all.. (from a brute force hack perspective)
.. it's the repeat spending that has a slight minuscule (brute force hack) risk.. but still negligible*

the privacy risk of receiving funds from multiple sources to one address, or spending from one address to multiple people, is where each merchant/sender/receiver to or from that address, if you offer personal info, then associates that address with a name they have. and they can then pass that info on if you keep using that address and it becomes an interesting address to keep an eye on

*however the risk of someone brute forcing.. well as i said in my last post.. give it a try. try brute forcing satoshi's address from his block 9 reward, see how easy it really is
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Addresses can be reused in different ways.
For example, I can send the same address to Person A, B, and C if they need to send me Bitcoin. The address has been re-used. At most, that's a privacy concern. But even if the address was used 3 times, the public key is never revealed if I don't spend the coins. You wouldn't be able to crack my private key with my public key (even if you could) because there is no record of it yet. Only if I spend the coins from my receiving address by signing a transaction will my public key be recorded on the blockchain, and then you can attempt to crack it. According to experts, we are decades away from such a scenario.
hero member
Activity: 2492
Merit: 582
Leading Crypto Sports Betting & Casino Platform
1. It is quite harmful to one's privacy and becomes an impediment to BTC censorship resistance
 3. Quantum computers could extract private keys if these addresses are re used.

I think the author is somehow misleading; if I want to re-use a wallet address multiple times for transactions, it doesn't give me any security harm to my private keys
For now we don't see any harm in repeatedly using the same address, but will we wait before something bad happens to us? I don't think he is misleading since he already states some reasons there on why it is advised to constantly change our public address right after every use; however, for someone that is only dealing with smaller amounts, then I think they can continue using one address.

There's nothing to be afraid of because no one will check their addresses and be obsessed with hacking them. Hacking isn't easy, so if hackers do the act, they can just do it to the addresses that have huge balances on them, as that will be worth their time.
legendary
Activity: 1414
Merit: 1108
1. It is quite harmful to one's privacy and becomes an impediment to BTC censorship resistance
 2. It can leave one open to niche attacks and one becomes vulnerable to these cyber thieves who will extract private keys from signatures after a transaction has been made.
 3. Quantum computers could extract private keys if these addresses are re used.
On the count of 1 above, talking about privacy, of course. The public keys were never meant to be private; that's why it's called a public key. It was made to be open to checks and verifications on transactions done on it but still remains private as per the identity of who is behind the address. Although, it puts it directly in the way of an attack to use an address way too often, as the loads of coins on it make it a target for hackers. This you can mitigate by simply generating a new address as the need arises.

On the count of 2&3, there isn't a way by which private keys or seed phrases would be extracted from the public address nor the transaction signatures, as these are just a means to the authenticity of transactions done on the blocks and have no links to the keys of the addresses behind them.
About quantum computers, of course they've got high processors and are relatively very smart, but not up to the task of generating or guessing private keys just yet.
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
just a side note here, bitcoin.com is not the real home for bitcoin, just to know that the link there describing the advantages of their bitcoin wallet is not the real bitcoin wallet, it's just Roger Ver's altcoin.
Two screenshots by pooya87 from the past, in the early days of Roger Ver's scam efforts. There are better sites to learn about Bitcoin and read news about Bitcoin.


legendary
Activity: 2184
Merit: 3134
₿uy / $ell
just a side note here, bitcoin.com is not the real home for bitcoin, just to know that the link there describing the advantages of their bitcoin wallet is not the real bitcoin wallet, it's just Roger Ver's altcoin.
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
The fundamentals of asymmetric cryptography are based on the fact that you can and should reveal your public key and signature without any risk of your private keys being compromised, especially if ECDSA is used. If there were any risks then it would make the whole system obsolete, not just reused addresses.
The only serious issue with reused addresses is a privacy-related one.
Perhaps the author is referring to the problem described here: https://web.archive.org/web/20160308014317/http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html ?

As far as I understand, when the same address is reused, signatures are created with the same private key. This private key can be calculated if, and only if, the k-value (random integer) is either not-so-random (deterministic or weak entropy) or the said k-value is also reused. We are interested in the latter case because the former case doesn't require the reuse of addresses. So, if the wallet software in question is compromised, malicious, flawed, or outdated, or the user himself is trying to sign a transaction using a custom, poorly written ECDSA signature algorithm, it may result in a private key vulnerable to theft. If a wallet uses the same k-value each time it signs a transaction, an attacker can take advantage of this vulnerability and steal all the coins that still are on a reused address.

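Added example (not code from any poster in this thread): a minimal secp256k1 ECDSA signer in Python that makes the nonce explicit, alongside the defensive check a wallet auditor would run. It illustrates the point in the post above and in the earlier reply about nonce reuse: two signatures from the same key that share r share k, which a simple scan over published signatures detects, whereas a deterministic HMAC-derived nonce (a simplified RFC 6979-style construction, not the full spec) yields a different k per message. The private key and transaction digests are constructed demo values.

```python
import hashlib
import hmac

# secp256k1 domain parameters (standard public constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed demo values, not a real wallet key: one private key and two tx digests.
DEMO_PRIV = int.from_bytes(hashlib.sha256(b"demo key, not a real wallet").digest(), "big") % N
DIGEST_A = int.from_bytes(hashlib.sha256(b"tx spending output 1").digest(), "big")
DIGEST_B = int.from_bytes(hashlib.sha256(b"tx spending output 2").digest(), "big")

def point_add(p, q):
    """Affine point addition on secp256k1 (a = 0); None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def scalar_mult(k, pt):
    """Double-and-add; not constant-time, illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def sign(priv, msg_hash, k):
    """ECDSA (r, s) with an explicitly supplied nonce k, so nonce reuse can be shown."""
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (msg_hash + r * priv) % N
    return (r, s)

def deterministic_nonce(priv, msg_hash):
    """Simplified RFC 6979-style nonce (HMAC-SHA256 of key and digest, mod N), not the full spec."""
    mac = hmac.new(priv.to_bytes(32, "big"), msg_hash.to_bytes(32, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % N or 1

def find_nonce_reuse(sigs):
    """Defensive check: r = (k*G).x, so two signatures from one key with equal r share k."""
    seen, pairs = {}, []
    for i, (r, _s) in enumerate(sigs):
        if r in seen:
            pairs.append((seen[r], i))
        else:
            seen[r] = i
    return pairs
```

Running `find_nonce_reuse` over the signatures a reused address has published is the check that matters; the HMAC-derived nonce is what modern wallets do to make that check come back empty.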
copper member
Activity: 28
Merit: 0
Through the power of encryption, knowing the bitcoin address does not give access to the bitcoins associated with the address. Only the private key may be used to access bitcoins. There are groups devoted to blockchain analysis, and there are already websites measuring the level of privacy of addresses/transactions and mentioning the most probable reasons for lower ratings!
hero member
Activity: 910
Merit: 875
Not Your Keys, Not Your Bitcoin

 1. It is quite harmful to one's privacy and becomes an impediment to BTC censorship resistance
 3. Quantum computers could extract private keys if these addresses are re used.

I think the author is somehow misleading; if I want to re-use a wallet address multiple times for transactions, it doesn't give me any security harm to my private keys. Also, we have not seen any computers that have done that currently, except for quantum computers that have been making news, but it is still hypothetical; nothing has been done so far. However, address reuse is a big concern when it comes to privacy. You cannot preserve privacy by using a single address for incoming and outgoing transactions every time; chain surveillance is watching the network, and the moment you do that, you can easily be detected as the owner of the address, and the big problem is that you wouldn't be able to combine it with other UTXOs as soon as that address becomes exposed to chain analysts.
So, technically, don't use an address more than once.

Quote
2. It can leave one open to niche attacks and one becomes vulnerable to these cyber thieves who will extract private keys from signatures after a transaction has been made.

A node can carry out transaction malleability by changing your transaction ID on the network, but they don't have the strength to extract the signature from a transaction; this point is kind of off.
legendary
Activity: 2576
Merit: 1860
🙏🏼Padayon...🙏
While we've always been advised not to reuse addresses, I'm not sure if there's anybody here who's religiously doing that. I guess even the ones who are giving that reminder reused addresses themselves. And if it's true that reusing an address could lead to theft of private keys, then theft of Bitcoin would have been as common as reusing an address. It's clear it's not the case.

Whatever happened to that Ronin Network, whether or not it proved that reusing an address indeed leads to theft of private keys, it doesn't matter; Ronin network is not Bitcoin network.